I am using squid with a block list. It works great for everyone on the
LAN, but the issue is that I am not able to effectively filter the
internet for anyone who is not on the LAN without putting in some proxy
settings.
Is there software that could automatically set this up and lock the
Thanks for the advice, I just increased cache size to 300 GB
(I have 1 Tera RAIDed HDD so I don't mind the size).
As for object size, I've set it to 15 MB. Though one question:
I've read that there's a certain option that keeps cached
objects in memory for quick retrieval..
Usually the
The Squid HTTP Proxy team is pleased to announce the
availability of the Squid-3.0.STABLE15 release!
This release is a regular bug fix release. It contains a
number of fixes for some older outstanding bugs.
Changes to Note in this release are:
- Regression Bug 2635: Incorrect
Essentially user1 connects to proxy on NIC1 port 3128, and squid
queries the internet on NIC2 to bring in the data the user has
requested from the internet.
user 1 --- Nic1(squid) NIC2 Internet NIC2 -
NIC1(squid) user
Can anyone point me in the right
Gentoo has recently moved stable from 2.7 to 3.0.13, and I have found that
www.skylinesaustralia.com now fails with both firefox and IE. The message from
firefox is:
Content Encoding Error
The page you are trying to view cannot be shown because it uses an invalid or
unsupported form of
IMHO these days Ethernet eavesdropping really isn't much of
an issue (despite conventional wisdom:-). Much more dangerous
are spyware/trojan keyloggers; server penetration is another danger.
Eavesdropping on all network traffic from any connection used
to be a big problem when network hubs
I've found that squid is sending a RST packet to a Windows
station (WinXP SP2 or WinVista).
Squid is not configured to send RSTs. Is there any
explanation for this?
Are you sure that the client is connecting to the correct port and that the
service is running? The OS will typically
Yesterday, I wanted to get back to the cache and saw a great
deal of traffic I/O on the cache but the weird part was that
none of it was for or on my network. It looked like I've been
used as some sort of payment gateway for a short while :).
Anyhow, I do have firewall security in place,
Does anyone have a ballpark on this? It looks like one of our internal
firewalls which hosts a number of DMZs is seeing an average of 400 bytes per
packet. The majority of traffic is HTTP or HTTPS. Is this normal?
tnx
Connection flooding is worse.. and requires offending clients to be
blacklisted by firewalling once identified.
If it's a botnet, there can be tens of thousands of hosts, so blacklisting can
be difficult. Also, unless you have a multi-gigabit connection then they can
just fill your pipe with
My team would like to download a binary version for Solaris
of squid 3.0.
Does anybody know of such a download site/URL?
Maybe try this...
http://cooltools.sunsource.net/coolstack/
JD
Or http://www.sunfreeware.com/ or http://www.blastwave.org/ (where you also get
pkg-get, a solaris
tc is a linux tool to create network classes that you can
route/mangle/prioritize, it's not Squid specific and won't work with
any other OS, but i used it once in a setup to route TCP_REFRESH_HIT
objects to a different (much faster link), so they can have a faster
If-Modified-Since
I'm using diskd, I found this
http://wiki.squid-cache.org/SquidFaq/DiskDaemon and it says
ipcs | awk '/squid/ {printf "ipcrm -%s %s\n", $1, $2}' | /bin/sh
in "Sometimes shared memory and message queues aren't released when Squid exits."
I'm using Linux, where should I put that sentence?
Thanks a
Assuming your disk is attached, your OS recognizes it and the disk is
formatted:
1) Ensure the effective_squid_user has write capability on
the mount point
2) Add a cache_dir directive to squid.conf referencing the
new mount point
3) Stop squid
4) Run squid -z (as root or as the
Step 0) Consider the implications on RAM or adding more cache_dir :-)
You might want to reduce cache_mem or add more RAM.
http://wiki.squid-cache.org/SquidFaq/SquidMemory#how-much-ram
Sorry about the typo - it should be Consider the implications on RAM OF adding
more cache_dir
Thanks a lot for your response.
I used a sniffer tool to capture the packets on both the Polygraph server
(10.56.233.99) and the Squid server side (198.18.24.3).
I could see 198.18.24.3 send out SYNs; the SYNs could also be
captured on the PolyServer (10.56.233.99) side, but no ACKs were generated
by
part of netstat -na in squid2 output like following:
tcp0 1 198.18.24.3:46304 10.56.233.99:
SYN_SENT
This shows that 198.18.24.3 can't communicate with 10.56.233.99, so assuming
no firewalling, you have a routing problem (which could be a NAT problem). Run
I agree. But we have infrastructure problems that really push
hard to make it a single ip. We'll be doing WCCP and standard
proxy. But a large number of the clients have hardcoded proxy
ips and make it prohibitive to change it to a new address.
So you have two options:
- setup this hardcoded
I am running into the standard Open Source fear at my local
site.
Ask the fearmongers if they've ever heard of a little piece of software called
BIND, or maybe Apache... Also, you should probably get pricing on commercial
squid support, to let management know that it can be had and how much
you should bear in mind that for a cache to be truly effective at
bandwidth conservation (if that is your goal) it
needs to be placed close to the users.
Maybe - it depends if you want to save bandwidth on your LAN or WAN/Internet
pipe. AFAIK most organisations are more concerned about WAN
Our planned deployment box is a 8-way, 16GB ram, 1TB (6 disks
I think) server which will be running RedHat Enterprise Linux.
There's been some recent list discussions about how squid uses CPU - you'd be
much better off with 4 load balanced dual core boxes than one 8 core box. RAM
is cheap
The hard part is going to be directing requests to the proxies, and
handling failure well. I haven't done ISP proxy deployments in a long
time, so I'll leave it to others to give you advice on that part. I'm
assuming you'll want it to be transparent (e.g., use WCCP)?
If transparent, WCCPv2
I currently have a set of rules such that a certain range
of IP addresses have ZERO internet access.
However, I would like to use the Failure URL feature to
send a customized
message to the users at these denied IP addresses.
The problem seems to be, since they have no access they
can't
I think SmartFilter patches the squid source, so is tied to specific
versions. It certainly adds another option to the configure script.
You can download it for free from SecureComputing's website and have
a look. Sorry I can't be more helpful but I'm not a developer.
Smartfilter 4.2.1
I have a huge txt file with domains that I want to ban, like this:
.dom.com
.dom2.net
.etc
I'm not sure if I can do this in my acl configuration
acl banneddommains dstdomain /path/file.txt
RTFM :-)
From squid.conf;
# TAG: acl
# Defining an Access List
#
# acl aclname
I have a server with 8GB memory
ps aux shows that squid is using max 3467800.
Are you running a 64bit OS and 64bit squid?
I'm setting up a squid proxy to block gtalk, msn, etc...
I found through the internet to block ports 5223 and 5222 for gtalk.
I tried to block by acl block_port 5223 5222 but it didn't block.
Please guide me to block these chats.
Thanks
Squid can only do something when those are tunnelled through
Does anyone know how to re-load the object into the memory
from the disk cache?
At the moment? You have to expire the object and refetch it.
So if an object gets written to disk, then subsequently becomes frequently
requested, will this compromise performance as the object must now be
Recently I've spent a fair bit of time benchmarking a Squid system
whose COSS and AUFS storage (10GB total) + access logging are on a
RAID0 array of two consumer grade SATA disks. For various reasons, I'm
stuck with RAID0 for now, but I thought you might be interested to
hear that the box
I disabled the parent cache and tested the speed and it was a
remarkable difference.
Performance problems on the parent? Using a parent in another country would
affect latency but shouldn't affect throughput.
Is there a command I can run on Squid to see what options
have been compiled in?
Run squid -v and look for '--enable-snmp' in the output
I would be happy to try to resolve this issue with Secure Computing.
However, I need more information:
- What exactly is the Secure Computing plugin that supports Squid2 and
does not support Squid3? Does it have a name and a version number?
I think SmartFilter patches the squid source, so is
My 2c WRT 2 v 3 etc;
- We currently run commercial proxies and are looking to replace them with
squid boxes, however recent list discussion is making me a little nervous. I
would have used 2.6 for performance (need to support 10K users) and for
- Secure Computing's Smartfilter. It currently
It sounds like the problem is source port exhaustion, for the outgoing sessions
that squid creates.
Why do you consider the TIME_WAIT as such to be a problem? There is no
significant problem to have some hundreds of thousand
TIME_WAIT sockets on a server port.
Wouldn't there be a 65,536
dig +recurse +additional +authority +notrace A google.com.au
(which I freely admit I could be using wrong, or my upstream
ncsd server
on the host I am on now and exhibited these problems before,
could be silly)
I think it would be highly unlikely that google would be advertising a dead
I suggest you check your IPTABLES rules for opening the
squid port. It may be closed.
Iptables could stop you from accessing the port, but couldn't stop squid from
opening the port in the first place. It's not an iptables issue IMO.
I did have SELinux installed onto it. For Nima, I didn't know
Subject: Re: [squid-users] Squid currently not working.
[EMAIL PROTECTED] ~]# ps aux |grep squid
root 16205 0.0 0.0 4044 680 pts/2 S+ 13:14 0:00 grep squid
I also went through squid.conf to eliminate most of the
comments(assuming # lines are comments(pretty sure about
Where are the log files that I am supposed to be looking at?
They are defined in squid.conf, eg on my system;
[EMAIL PROTECTED] ~ $ grep cache.log /etc/squid/squid.conf
# TAG: cache_log
cache_log /var/log/squid/cache.log
# cache.log log file is written with stdio functions, and as such
#
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.6.STABLE16): Terminated abnormally.
Supposedly by what this says, the port can't be opened. I made sure
that the firewall had it opened and that my router was forwarding it.
It's not a firewall thing, it's the operating system not allowing
Are you running it as root?
I'd say he is - I have a fedora 8 box (squid is not actually used on
this box AFAIK);
[EMAIL PROTECTED] ~]$ service squid start
sed: can't read /etc/squid/squid.conf: Permission denied
init_cache_dir /var/spool/squid... /etc/init.d/squid: line 68:
So now I am currently in the jam of finding out why it is currently
not working correctly.
cache_log seems like a good place to start looking.
What OS is this?
Hi All,
Our current proprietary webcaches push about 100Mbps and are due for
replacement, so we're looking at Squid. Assuming Lintel platform, what spec of
hardware would provide, say 2-3 times that performance? We run LDAP
authentication, complex ACLs and SmartFilter.
Cheers,
Adam